Identifying Misbehaving Nodes in Wireless Sensor Networks Amogh Deshmukh

advertisement

International Journal of Engineering Trends and Technology (IJETT) – Volume 24 Number 6 - June 2015

Identifying Misbehaving Nodes in Wireless Sensor Networks

Amogh Deshmukh

M.Tech Student (IT), VNR Vignana Jyothi College of Engineering & Technology, Hyderabad, India

Abstract —

Dropping and modifying packets are common attacks that can be launched by way of an adversary to disrupt communication in wireless multi-hop sensor networks. Many schemes have been proposed to mitigate or tolerate such attacks, however very few can easily and successfully determine the intruders. To handle this obstacle, I propose a simple yet powerful scheme, which can determine misbehaving forwarders that drop or modify packets. Extensive evaluation and simulations were carried out to verify the effectiveness of the scheme.

Keywords — Wireless Sensor Network, Packet modifier, Packet dropper, Intrusion detection, Misbehaving nodes, Node

Categorization, Node Ranking.

I.

INTRODUCTION AND RELATED WORK

In a WSN(wireless sensor network), sensor nodes monitor the environment, become aware of the events of curiosity, produce data, and collaborate in forwarding the information towards a sink node, which might be a gateway, base station, storage node, or querying user. Considering the ease with which it can be deployed, the low cost of sensor nodes and the potential of self-organization, a WSN is normally deployed in an unattended and adverse environment to perform the monitoring and information collection tasks. When it's deployed in such an atmosphere, it lacks physical safety and is subject to node compromise. After compromising one or more than one sensor nodes, an adversary may launch quite a lot of attacks to disrupt the in-network communication. Among these attacks, two of the most common ones are dropping the packets and altering the packets, i.e., compromised nodes drop or alter the packets that they are supposed to forward.

To overcome packet droppers, a commonly adopted countermeasure is multipath forwarding in which every packet is forwarded along multiple redundant paths and as a result packet drop in some but now not all of those paths may be tolerated. To overcome packet modifiers, most of the current countermeasures try to filter modified messages en-route within a particular number of hops. These countermeasures can tolerate or mitigate the packet dropping and modification assaults, but the intruders are nonetheless there and might proceed attacking the network without being caught.

To find and identify packet droppers and modifiers, it has been proposed that nodes continuously watch the forwarding behaviours of their neighbours to examine if their neighbours are misbehaving, and this approach can also be extended by means of using the reputation based mechanisms to enable nodes to deduce whether a non-neighbour node is trustable.

This methodology might also incur high-power cost through the promiscuous running mode of wireless interface; in addition, the reputation mechanisms must be exercised with cautions to hinder or mitigate bad mouth attacks and others.

Recently proposed scheme used to be probabilistic nested marking (PNM) scheme. But with the PNM scheme, modified packets will have to now not be filtered out en route seeing that they will have to be used as proof to infer packet modifiers; as a result, it can't be used in conjunction with present packet filtering schemes.

In this paper, I suggest a simple but powerful scheme to trap packet droppers and modifiers. In this scheme, a routing tree rooted at the sink is first established. When sensor information are transmitted along the tree structure towards the sink, each packet sender or forwarder provides a small number of extra bits, which is known as packet marks, to the packet. The layout of the small packet marks is deliberately designed such that the sink can acquire very valuable understanding from the marks. Particularly, based on the packet marks, the sink can figure out the drop ratio related to each sensor node, after which runs my proposed node categorization algorithm to identify nodes that are droppers/modifiers for definite or are suspicious droppers/ modifiers. As the tree constitution dynamically changes every time interval, behaviours of sensor nodes can be observed in variety of scenarios. Because the understanding of node behaviours has been collected, the sink periodically runs my proposed heuristic ranking algorithms to establish most likely dangerous nodes from suspiciously unhealthy nodes. This way, most of the dangerous nodes can also be slowly recognized with small false positive.

My proposed scheme has the following elements: 1) being powerful in catching both packet droppers and modifiers, 2) low communication and energy overheads, and 3) being suitable with current false packet filtering schemes; that's, it can be deployed with false packet filtering schemes, and consequently it cannot only establish intruders but additionally filter modified packets right away after the modification is detected.

II.

SECURITY MODEL

I consider a traditional deployment of sensor networks, where a tremendous number of sensor nodes are randomly deployed in a two dimensional area. Each and every sensor node generates sensory data periodically and all these nodes collaborate to forward packets containing the information toward a sink. The sink is located within the network. I expect all sensor nodes and the sink are loosely time synchronized, which is required by many functions. Attack resilient time synchronization schemes, which had been generally investigated in wireless sensor networks will also be employed. The sink is conscious of the network topology, which may also be achieved by way of requiring nodes to report their neighbouring nodes right after deployment.

I assume the network sink is dependable and freed from compromise, and the adversary cannot efficiently compromise

ISSN: 2231-5381 http://www.ijettjournal.org

Page 292

International Journal of Engineering Trends and Technology (IJETT) – Volume 24 Number 6 - June 2015 normal sensor nodes in the course of the short topology establishment phase after the WSN is deployed. This assumption has been largely made in existing work. After then, the regular sensor nodes can also be compromised.

Compromised nodes may or won't collude with each other. A compromised node can launch the following two attacks:

Packet drop .

A compromised node drops all or one of the crucial packets that's supposed to forward. It may also drop the info generated with the aid of itself for some malicious intent such as framing harmless nodes.

Packet modifying .

A compromised node modifies all or one of the crucial packets that's supposed to forward. It might also alter the info it generates to shield itself from being identified or to accuse different nodes. suspiciously unhealthy nodes, the sink runs heuristic rating algorithms.

In the following sections, I first present the algorithm for

DAG establishment and packet transmission, which is followed by using my proposed categorization algorithm, tree structure reshaping algorithm, and heuristic ranking algorithms. To ease the presentation, I will first concentrate on packet droppers and anticipate no node collusion. After that, I present the way to prolong the presented scheme to manage node collusion and realize packet modifiers, respectively.

Establish ing DAG

III.

PROPOSED

IV.

SCHEME of Packet

Marks

Categorizi ng Nodes

Very high detection segment and a few equal-duration rounds of intruder identification phases.

Within the initialization phase, sensor nodes form a topology which is a directed acyclic graph (DAG).

A routing tree is extracted from the DAG.

Information reviews follow the routing tree structure.

In every round, data are transferred by means of the routing tree to the sink. Each packet sender/forwarder adds a small number of extra bits to the packet and also encrypts the packet. When one round finishes, based on the extra bits carried in the received packets, the sink runs a node categorization algorithm to identify nodes that have got to be unhealthy (i.E., packet droppers or modifiers) and nodes which are suspiciously dangerous (i.E., suspected to be packet droppers and modifiers).

The routing tree is reshaped in every round. As some number of rounds have finished, the sink will have gathered understanding about node behaviours in distinct routing topologies. The knowledge involves which nodes are unhealthy for sure, which nodes are suspiciously dangerous, and the nodes’ topological relationship. Additionally establishing unhealthy nodes from the probably large quantity of

IV.

ESTABLISHMENT OF DAG AND PACKET

TRANSFER

All sensor nodes form a DAG and extract a routing tree from the DAG. The sink knows the DAG and the routing tree, and shares a distinctive key with each and every node. When a node needs to send out a packet, it attaches to the packet a sequence quantity, encrypts the packet with only the key shared with the sink, after which it forwards the packet to its parent node on the routing tree. When an innocent intermediate node receives a packet, it attaches just a few bits to the packet to mark the forwarding route of the packet, encrypts the packet, after which it forwards the packet to its parent node. On the opposite, a misbehaving intermediate node may drop a packet it receives. On receiving a packet, the sink decrypts it, and as a result finds out the actual sender and the packet sequence number. The sink tracks the sequence numbers of obtained packets for every node, and for each targeted time interval, which I name a round, it calculates the packet drop ratio for every node. Based on the drop ratio and the competencies of the topology, the sink identifies packet droppers based on ideas we derive. In detail the scheme includes the next add-ons, which might be elaborated within the following.

The reason for system initialization is to set secret pairwise keys between the sink and every general sensor node, and to establish the DAG and the routing tree to facilitate packet forwarding from every sensor node to the sink.

Preloading keys and different system parameters. Each and every sensor node u is preloaded with the following information:

KK u

: a secret key completely shared between the node and the sink.

T r

: the duration of a single round.

Q p

: the maximum quantity of parent nodes that each and every node files for the duration of the DAG institution method.

Q s

: the highest packet sequence number. For each sensor node, its first packet has sequence number 0, the Q s th packet is numbered Q s

- 1, the ( packet is numbered 0, etc. and so on.

Q s

+ 1)

Establishing Topology After deployment, the sink broadcasts to its one-hop neighbours a 2-tuple <0, 0>. Within the 2- tuple, the first area is the identity of the sender (I anticipate the id of sink is zero) and the second subject is its

ISSN: 2231-5381 http://www.ijettjournal.org

Page 293

International Journal of Engineering Trends and Technology (IJETT) – Volume 24 Number 6 - June 2015 distance in hop from the sender to the sink. Each and every of the remainder nodes, assuming its identification is u , acts as follows:

1.

On receiving the first 2-tuple < v , d v

>, node u sets its own distance to the sink as d u

= d v

+ 1.

2.

Node u records each node w (including node v ) as its parent on the DAG if it has received < w , d w

> where d w

= d v

. That is, node u records as its parents on the

DAG the nodes whose distance (in hops) to the sink is the same and the distance is one hop shorter than its own. If the number of such parents is greater than

Q p

, only Q p

parents are recorded while others are discarded. The actual number of parents it has recorded is denoted by n p,u

.

3.

After a certain time interval,1 node u broadcasts 2- tuple < u , d u

> to let its downstream one-hop neighbors to continue the process of DAG establishment. Then, among the recorded parents on the DAG, node u randomly picks one (whose ID is denoted as PA u

) as its parent on the routing tree.

Node u also picks a random number (which is denoted as RA u

) between 0 and Q p

- 1. As to be elaborated later, random number RA u

is used as a short ID of node u to be attached to each packet node u forwards, so that the sink can trace out the forwarding path. Finally, node u sends PA u

, RA u

and all recorded parents on the DAG to the sink.

After the above system completes, a DAG and a routing tree rooted at the sink is situated. The routing tree is utilized by the nodes to send sensory data until the tree changes later; when the tree desires to be transformed, the new constitution remains to be extracted from the DAG.

The lifetime of the network is divided into rounds, and every circular has a time size of T r

. After the sink has got the parent lists from all sensor nodes, it sends out a message to announce the of the first circular, and the message is forwarded hop by hop to all nodes within the network. Notice that, each sensor node sends and forwards data through a routing tree which is implicitly agreed with the sink in each and every round, and the routing tree changes in each and every round through the tree reshaping algorithm.

Sending and Forwarding Packets

Every node keeps a counter CO p

which keeps track of the number of packets that it has despatched to this point. When a sensor node u has a knowledge object D to record, it composes and sends the next packet to its parent node PA u

:

< PA u

, { RA u

, u , CO p

MOD Q s

, D , pad u,0

} KK u

, pad u,1

>, where CO p

MOD Q s

is the sequence number of the packet.

RA u

(0 ≤ RA u

≤ Q p

- 1) is a random number picked via node u during the method initialization segment, and RA u

is connected to the packet to allow the sink to find out the path along which the packet is forwarded. {X}

Y

represents the effect of encrypting X utilising key Y .

Paddings pad u,0

and pad u,1

are introduced to make all packets equal in size, such that forwarding nodes cannot inform packet sources based on packet length. In the meantime, the sink can still decrypt the packet to discover the genuine content material.

When a sensor node c receives packet < c,d >, it composes and forwards the next packet to its parent node PA v

:

< PA v

, { RA v

, d' } KK v

>, the place where d' is acquired by using trimming the rightmost log( Q p

) bits off d . Meanwhile, RA v

, which has log Q p

bits, is brought to the beginning of d' . Therefore, the size of the packet remains unchanged. If a routing tree, node u is the parent of node c and c is a parent of node d . When u receives a packet from c , it can't differentiate whether or not the packet at the beginning is dispatched with the aid of c or d unless nodes u and c collude. Hence, the above packet sending and forwarding scheme results in the problem to launch selective dropping, which is leveraged in finding packet droppers. I take precise consideration for the collusion eventualities.

Receiving Packets at Sink

We use node 0 to denote the sink. When the sink receives a packet <0, d' >, it conducts the next steps:

1.

Initializing two temporary variables u and d are introduced. Let u = 0 and d = d' at first.

2.

The sink attempts to discover a child of node u , denoted as c , such that dec(KK v

,d) will result in a string opening with RA v

, where dec(KK v

,d) means the outcome of the approach is decrypting d with key KK v

.

3.

If the strive fails for all child nodes of node u , the packet is recognized as had been modified and thus will have to be dropped.

4.

If the attempt succeeds, it suggests that the packet was forwarded from node c to node u .

Categorizing the Nodes

In every single round, for each sensor node u , the sink maintains monitor of the quantity of packets dispatched from u , the sequence numbers of these packets, and the quantity of flips in the sequence numbers of those packets, (i.e., the sequence number changes from a huge number of equivalent

Q s

- 1 to a small quantity such as 0 ). At the finish of every round, the sink calculates the drop ratio for each node u .

Think n u

,maxs is essentially the latest seen sequence number, n u

,flips is the quantity of sequence number flips, and n u

,recieve is the quantity of acquired packets. The drop ratio in this circular is calculated as follows: b u = n u

,flips * Q s

+ n u

,maxs + 1 - n u

,recieve / n u

,flips * Q s

+ n u

,maxs + 1

Founded on the drop ratio of every sensor node and the tree topology, the sink identifies the nodes which are droppers for definite and that are in all probability droppers. Thus for this cause, a threshold θ is first presented. We anticipate that if a node’s packets are not deliberately dropped by forwarding nodes, the drop ratio of this node should be less than θ. Note

ISSN: 2231-5381 http://www.ijettjournal.org

Page 294

International Journal of Engineering Trends and Technology (IJETT) – Volume 24 Number 6 - June 2015 that θ will have to be greater than 0 , contemplating droppings induced with the aid of incidental reasons comparable to collisions. Step one of the identification is to mark each and every node with ―+‖ if its drop ratio is lower than θ, or with ―-

‖ or else. After then, for each route from a leaf node to the sink, the nodes mark pattern on this route can also be decomposed into any combination of the common patterns.

Based on the drop ratio of every sensor node and the tree topology, the sink categories the nodes based upon the node categorization algorithm. This algorithm identifies the nodes that are droppers for sure, possibly droppers and suspicious droppers.

Algorithm 1 Tree-Based Node Categorization Algorithm

1.

Input : Tree TR , with each node u, and its drop ratio

2.

for every single sink node in TR do

3.

find drop ratio d u

;

4.

if d u

< θ then

5.

Set u as good for sure or suspiciously dangerous;

6.

if d u

= 0 then

7.

Set u as good for sure;

8.

else if d u

>0

9.

Set u as suspiciously dangerous;

10.

else

11.

break;

12.

else

13.

Set u as dangerous for sure;

14.

Repeat

I anticipate that if a node’s packets aren't intentionally dropped via forwarding nodes, then drop ratio of this node will have to be less than θ. Always note that θ will have to be higher than zero. Here let's anticipate θ value is 0.7. The categorization of nodes can also be taken in anyone of the following instances (i) packet droppers for sure. (ii)

Suspicious packet droppers. (iii) Not packet droppers for definite. Algorithm 1 specified the Tree-situated Node

Categorization algorithm as for every sink node in TR and the following cases exist.

Case 1: If the drop ratio is less than θ , then a node has not dropped any packets (called as good for sure) or the node is suspected to have dropped packets (called suspiciously dangerous).

Case 1.1: If the drop ratio value is equivalent to zero, then the node has not dropped any packets.

Case 1.2: If the drop ratio is less than θ, but if it is greater than zero then it means that the node is suspected to have dropped some packets.

Case 2:

If the drop ratio is higher than θ, then a node needs to have dropped packets (called dangerous or bad for sure).

The dropping packets could be due to traffic, collisions and malicious node. Based on the above instances, I enhance a node categorization algorithm to find nodes that whether the node is unhealthy for certain, suspiciously unhealthy, or just right for sure. The tree used to gain knowledge is dynamically converted from round to round and each sensor node may have another parent node which is called tree reshaping.

My packet dropper identification scheme is simulated within the ns-2 simulator (variant 2.35) to assess the effectiveness and efficiency of the proposed scheme. The ambitions of this analysis can be divided into two parts: firstly, testing the effectiveness and efficiency of my scheme in monitoring and analysing packet droppers; secondly, learning the influences of quite a lot of system parameters (i.e., sensor data reporting interval, average delay, round size, etc.) and testing the performance evaluation of my proposed scheme. I measure the efficiency of my scheme with just one metric: the detection rate defined as the ratio of efficiently identifying unhealthy bad or dangerous nodes.

TABLE 1

PACKET ANALYSIS INFORMATION FOR NODE

INTERVAL COMMUNICATION

Interval of Node

8-2

2-1

0-4

3-6

7-15

12-4

V.

P ERFORMANCE EVALUATION

Rate of Detection

0.0000

0.0000

0.9554

0.5004

0.9944

NAN

Analysed Packet

Data

Packets Not

Dropped

Packets Not

Dropped

Packets Dropping

Suspect Bad Node

Drop of Packets

No packets are transferred

From the above table we can see that from node 14 to node

7, the detection rate is 0. Thus, packet dropping does not take place. From the node 7 to node 15, the detection rate is 0.9944.

Thus we can say for sure that packet dropping is taking place.

From the node 12 to node 4, the detection rate is NAN (Not a

Number). Thus, no packet transmission takes place. From the packet analysis information from table one, the packet dropping nodes information are filtered out. Hence the packet dropping information for node 1 to node 2, node 5 to node 13, and node 5 to node 12 are analysed in detail and explained in table 2. For the 3 node intervals, the reporting time variation for every 3 seconds is reported.

ISSN: 2231-5381 http://www.ijettjournal.org

Page 295

International Journal of Engineering Trends and Technology (IJETT) – Volume 24 Number 6 - June 2015

Node

Interval

Time

Interval

TABLE 2

ANALYSIS OF PACKET DROPPERS

0-3 5-13

3

6

9

12

0.9651

0.9862

0.9929

0.9944 0.9979 0.9944

From the table 2, the impact of the reporting interval is the highest for node 0 to node 3, node 5 to node 13 and node 5 to node 12. These intervals have the highest detection rate of

0.9774, 0.9934 and 0.9137 and respectively when compared with the existing method.

VI.

C

0.9905

0.9952

0.9971

ONCLUSION

5-12

0.9644

0.9869

0.9922

I endorse an easy yet powerful scheme to identify misbehaving nodes that drop or modify packets. Every packet is encrypted and padded to be able to conceal the origin of the packet. The packet mark, a small quantity of extra bits, is added in each and every packet such that the sink can identify the source of the packet and then figure out the dropping ratio associated with each and every sensor node. The routing tree structure dynamically changes in each and every round in order to monitor the behaviours of sensor nodes which can be monitored in a very large number of different scenarios.

Finally at the end, many of the unhealthy nodes can be identified by the heuristic rating algorithms with small false positive. Rigorous analysis, simulations, and implementation has been performed and validated to check the effectiveness of the proposed scheme.

R EFERENCES

[1] IJETT Omerah Yousuf, Ab Rouf Khan - Reliable and Robust Data

Transmission for Cluster-based Wireless Sensor Networks, Volume-21,

Number-1, 2015.

[2]

B. Xiao, B. Yu, and C. Gao, ―Chemas: Identify suspect nodes in selective forwarding attacks,

Journal of Parallel and Distributed

Computing, vol. 67, no. 11, 2007.

[3] Chuang Wang, Taiming Feng, Jinsook Kim, Guiling Wang, Member,

IEEE, and Wensheng Zhang, Member, IEEE, ―Catching Packet

Droppers and Modifiers in Wireless Sensor Networks

, IEEE

TRANSACTIONS on Parallel and Distributed System, vol. 23, no. 5, may 2012 .

[4] Chuang Wang, Taiming Feng, Jinsook Kim, Guiling Wang, Member,

IEEE, and Wensheng Zhang, Member, IEEE, ―Catching Packet

Droppers and Modifiers in Wireless Sensor Networks

, IEEE

TRANSACTIONS on Parallel and Distributed System, 2009.

[5] IJETT S.Saranya, M.V.B.Chandra Sekhar - Enhance the Life Time of

Wireless Sensor Network by Blemish Node Recuperation, Volume-22,

Number-1, 2015.

[6] F. Ye, H. Yang, and Z. Liu, ―Catching Moles in Sensor Networks, ‖

Proc. 27th Int’l Conf. Distributed Computing Systems (ICDCS ’07),

2007.

[7] IJETT Apurva Pathak, Manisha Bhende - Survey on Performance factors in Wireless Sensor Networks, Volume-23, Number-3, 2015.

[8] I. Krontiris, T. Giannetsos, and T. Dimitriou, ―LIDeA: A Distributed

Lightweight Intrusion Detection Architecture for Sensor Networks,

Proc. Fourth Int’l Conf. Security and Privacy in Comm. Networks

(SecureComm ’08), 2008

[9] J. Deng, R. Han, S. Mishra,

Defending against path-based DoS attacks in wireless sensor networks

, in: Proceedings of the Third

ACM on the Security of Ad hoc and Sensor Networks (SASN 2005),

2005, pp. 89–96.

[10] J. Parker, A. Patwardhan, and A. Joshi, ―Cross-layer analysis for detecting wireless misbehaviour,

in Proceedings of the Third IEEE

Consumer Communications and Networking Conference, 2006. CCNC

2006, vol. 1. IEEE, Jan. 2006, pp. 6–9.

[11]

K. Liu, J. Deng, P. K. Varshney, and K. Balakrishnan, ―An acknowledgment-based approach for the detection of routing misbehaviour in manets

, Mobile Computing, IEEE Transactions on, vol. 6, no. 5, 2007.

[12]

Q. Li and D. Rus, ―Global Clock Synchronization in Sensor

Networks,

Proc. IEEE INFOCOM, 2004

[13] R. Mavropodi, P. Kotzanikolaou, and C. Douligeris, ―Secmr—A

Secure Multipath Routing Protocol for Ad Hoc Networks

Ad Hoc

Networks, vol. 5, no. 1, pp. 87-99, 2007.

[14]

S. Lee and Y. Choi, ―A Resilient Packet-Forwarding Scheme Against

Maliciously Packet-Dropping Nodes in Sensor Networks,

Proc.

Fourth ACM Workshop on Security of Ad Hoc and Sensor Networks

(SASN ’06), 2006.

[15] S. Slijepsevic, M. Potkonjak, V. Tsiatsis, S. Zimbeck, and M.

Srivastava, ―On communication security in wireless ad-hoc sensor networks,

in Proc. 11th IEEE Int. Workshops Enabling Technol.:

Infrastructure for Collaborative Enterprises, Jun. 2002, pp. 139–144.

[16] S. Zhu, S. Setia, S. Jajodia, and P. Ning, ―An Interleaved Hop-by-

Hop Authentication Scheme for Filtering False Data in Sensor

Networks,

Proc. IEEE Symp. Security and Privacy, 2004.

[17]

T. H. Hai and E. N. Huh, ―Detecting selective forwarding attacks in wireless sensor networks using two-hops neighbor knowledge,‖ in

IEEE NCA, 2008.

[18] IJETT Shruthi V Raj, Hemanth S R - Simulation of ACO Technique

Using NS2 Simulator, Volume-23, Number-8, 2015.

[19] IJETT Jnanavi R B, Hemanth S R- Data Security Using Loc-Trust

Method, Volume-23, Number-8,2015

[20] IJETT Arpana Akash Morey, Dr. Jagdish W. Bakal - A Secure

Approach to Prevent Packet Dropping and Message Tampering Attacks on AODV-based MANETs, Volume 24, Number-2,2015.

ISSN: 2231-5381 http://www.ijettjournal.org

Page 296

Download